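<?php

// ##############################################################################||
// #
// #   MySmartBB Version 1.7.0
// #   http://www.MySmartBB.com
// #   Copyright (c) 2006 by Dr.Nabhan   www.moon.ps
// #
// #   filename : attachments.php
// #   download and show attachment files
// #
// ##############################################################################||

/*************************************************************************/
/*************************************************************************/
    // define('NOT_IN_INDEX',0);
    //define('NO_STYLE',1);
    define('NO_HEADER',1);
    include('common.php');
/*************************************************************************/
/*************************************************************************/

# Page flow: list the attachments of the post being written (do=""), add one
# (do=upload) or remove one (do=del).  A post that is still a draft is identified
# by the temporary token temp_; an existing subject/reply by subject_id (+reply=1).
# Globals used from common.php: $DB, $SF, $Smarty, $db_prefix, $member_permission,
# $member_row, $groupper_row, $info_row.

# Only logged-in members may use this page.
if ($member_permission != 1)
{
        $SF->error("أنت غير مخول لدخول هذه الصفحة",1);
}

# Read every request parameter once.  All later SQL, redirect URLs and template
# values are built from these normalised copies, never from raw $_GET.
$temp        = isset($_GET['temp_']) ? (string) $_GET['temp_'] : '';
$has_subject = isset($_GET['subject_id']) && $_GET['subject_id'] !== '';
$subject_id  = $has_subject ? intval($_GET['subject_id']) : 0;
$is_reply    = isset($_GET['reply']) && $_GET['reply'] == 1;
$do          = isset($_GET['do']) ? (string) $_GET['do'] : '';

# Without the temporary token there is no post to attach files to.
if ($temp === '')
{
        $SF->error("عذراً .. هنالك خطأ .. يتوجب عليك فتح هذه الصفحة مرة أخرى من خلال رد أو موضوع جديد",1);
}

# $temp is attacker-controlled: it goes through SafeSQL before any query and
# through urlencode before it is placed back into a redirect URL.
$safe_temp = $SF->SafeSQL($temp);

# $uplode_direct == 1 means the attachments belong to an existing subject/reply
# and not only to the draft token.  $back_url is the page every upload/delete
# path returns to; it is assembled once here instead of at every exit point.
$uplode_direct = 0;
$back_url      = 'attachments.php?temp_=' . urlencode($temp);

if ($has_subject)
{
        $uplode_direct = 1;
        $back_url     .= '&subject_id=' . $subject_id;

        if ($is_reply)
        {
                $back_url .= '&reply=1';
                # AND binds tighter than OR in SQL; the parentheses only make the
                # original precedence explicit.
                $getattach_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "attach WHERE temp='" . $safe_temp . "' or (subject_id='" . $subject_id . "' and reply='1')");
                $Smarty->assign('reply',1);
        }
        else
        {
                $getattach_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "attach WHERE temp='" . $safe_temp . "' or subject_id='" . $subject_id . "' ");
        }
        $Smarty->assign("s_id",$subject_id);
}
else
{
        # Attachments that belong to the draft only.
        $getattach_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "attach WHERE temp='" . $safe_temp . "'");
}

$getattach_num = $DB->sql_num_rows($getattach_query);
$Smarty->assign('temp',htmlspecialchars($temp));

# Default action: show the attachments already uploaded for this post.
if ($do === '')
{
        if ($getattach_num != 0)
        {
                $getattach_rows = array();
                while ($getattach_row = $DB->sql_fetch_array($getattach_query))
                {
                        $getattach_rows[] = $getattach_row;
                }
                $Smarty->assign_by_ref('getattach_row',$getattach_rows);
        }
        $Smarty->assign('getattach_num',$getattach_num);

        $Smarty->display('post_add-attachments.tpl');
}

## upload process
# $_FILES has had the same layout as the old $HTTP_POST_FILES since PHP 4.1 and
# $HTTP_POST_FILES no longer exists on PHP >= 5.4, where uploads silently failed.
$upfile = isset($_FILES['F1']) ? $_FILES['F1'] : null;

if ($do === 'upload' and $upfile !== null and !empty($upfile['name']))
{
        if ($groupper_row['upload_attach'] != 1)
        {
                $SF->error('المعذره .. لا يمكنك استخدام المرفقات',1);
        }

        # The client-supplied name is used to build a path under download_path,
        # so only its basename may reach the filesystem.
        $client_name = basename($upfile['name']);
        $file_ex     = $SF->Get_file_extension($client_name);

        # The "ex" table is the allow-list of permitted extensions and their size
        # limit.  It is the only control over which file types land in
        # download_path, so that directory must not be served with script
        # execution enabled.  The extension is derived from the client name and
        # is therefore escaped like any other untrusted value.
        $checkex_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "ex WHERE Ex='" . $SF->SafeSQL($file_ex) . "'");
        $checkex_row   = $DB->sql_fetch_array($checkex_query);

        if ($groupper_row['upload_attach_num'] <= $getattach_num)
        {
                $SF->error('عذراً .. غير مسموح لك بتحميل أكثر من (' . $groupper_row['upload_attach_num'] . ') في نفس الإضافة',1);
                $SF->go_to($back_url,2);
        }
        if ($DB->sql_num_rows($checkex_query) <= 0)
        {
                $SF->error('امتداد الملف المرفق غير مسموح !',1);
                $SF->go_to($back_url,2);
        }
        # max_size is stored in KB.
        if ($upfile['size'] > ($checkex_row['max_size'] * 1024))
        {
                $SF->error('المعذره حجم الملف غير مقبول',1);
                $SF->go_to($back_url,2);
        }

        # Never overwrite an existing file: append a timestamp to the base name.
        if (file_exists($info_row['download_path'] . '/' . $client_name))
        {
                $name_parts = explode('.',$client_name);
                $filename   = $name_parts[0] . time() . $file_ex;
        }
        else
        {
                $filename = $client_name;
        }

        # move_uploaded_file() refuses anything that did not arrive as an upload
        # of this request, which is what makes tmp_name safe to use as a source.
        # Its result was previously ignored, leaving DB rows that pointed at no file.
        $target = $info_row['download_path'] . '/' . $filename;
        $upload = @move_uploaded_file($upfile['tmp_name'],$target);
        if (!$upload)
        {
                $SF->error('عذراً .. فشل حفظ الملف المرفق',1);
                $SF->go_to($back_url,2);
        }

        # Icon shown next to the attachment in the post; all images share one icon.
        $attach_ex = $file_ex;
        $icon_map  = array(
                '.exe' => 'exe.gif',
                '.mp3' => 'mp3.gif',
                '.wmv' => 'wmv.gif',
                '.mov' => 'mov.gif',
                '.avi' => 'avi.gif',
                '.ram' => 'ram.gif',
                '.rm'  => 'rm.gif',
                '.php' => 'php.gif',
                '.xml' => 'xml.gif',
                '.psd' => 'psd.gif',
                '.3gp' => '3gp.gif',
                '.pdf' => 'pdf.gif',
                '.rtf' => 'rtf.gif',
                '.zip' => 'zip.gif',
                '.rar' => 'rar.gif',
                '.doc' => 'doc.gif',
                '.xls' => 'xls.gif',
                '.ppt' => 'ppt.gif',
                '.txt' => 'txt.gif',
        );
        $image_extensions = array('.jpg', '.gif', '.jpeg', '.jpe', '.png', '.bmp');

        if (in_array($attach_ex,$image_extensions,true))
        {
                $extension = "image/exten/imgs.gif";
        }
        elseif (isset($icon_map[$attach_ex]))
        {
                $extension = "image/exten/" . $icon_map[$attach_ex];
        }
        else
        {
                $extension = "image/exten/unknown.gif";
        }

        # Values shared by the three INSERT variants below.
        $safe_filename = $SF->SafeSQL($filename);
        $safe_path     = $info_row['download_path'] . "/" . $safe_filename;
        $filesize      = intval($upfile['size']);

        if ($uplode_direct == 1)
        {
                if ($is_reply)
                {
                        $inseru = $DB->sql_query("INSERT INTO " . $db_prefix . "attach(id,filename,filepath,filesize,fileext,subject_id,u_id,reply) VALUES('NULL','" . $safe_filename . "','" . $safe_path . "','" . $filesize . "','" . $extension . "','" . $subject_id . "','" . $member_row['id'] . "','1')");
                }
                else
                {
                        $inseru = $DB->sql_query("INSERT INTO " . $db_prefix . "attach(id,filename,filepath,filesize,fileext,subject_id,u_id) VALUES('NULL','" . $safe_filename . "','" . $safe_path . "','" . $filesize . "','" . $extension . "','" . $subject_id . "','" . $member_row['id'] . "')");
                }
        }
        else
        {
                $inseru = $DB->sql_query("INSERT INTO " . $db_prefix . "attach(id,filename,filepath,filesize,fileext,temp,u_id) VALUES('NULL','" . $safe_filename . "','" . $safe_path . "','" . $filesize . "','" . $extension . "','" . $safe_temp . "','" . $member_row['id'] . "')");
        }
        $SF->go_to($back_url,2);
        $SF->msg("تم تحميل الملف");
}

# Delete an attachment.
if ($do === 'del' and isset($_GET['id']) and $_GET['id'] != "")
{
        $attach_id = intval($_GET['id']);

        # Look up the attachment to delete.
        $get_d_a_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "attach WHERE id='" . $attach_id . "'");
        $get_d_a_row   = $DB->sql_fetch_array($get_d_a_query);
        $get_d_a_num   = $DB->sql_num_rows($get_d_a_query);

        if ($get_d_a_num == 0)
        {
                $SF->error('عذراً .. المرفق المطلوب غير موجود',1);
        }
        else
        {
                # A section moderator may delete attachments in his section: find the
                # section of the subject (directly, or via the reply's parent subject).
                $getsectionmod_num = 0;
                if ($groupper_row['group_mod'] == 1)
                {
                        $owner_id = intval($get_d_a_row['subject_id']);
                        if ($get_d_a_row['reply'] == 1)
                        {
                                $section_query  = $DB->sql_query("SELECT * FROM " . $db_prefix . "reply WHERE id='" . $owner_id . "'");
                                $section_row    = $DB->sql_fetch_array($section_query);
                                $section_query2 = $DB->sql_query("SELECT * FROM " . $db_prefix . "subject WHERE id='" . intval($section_row['subject_id']) . "'");
                                $section_row2   = $DB->sql_fetch_array($section_query2);
                                $section_id     = $section_row2['section'];
                        }
                        else
                        {
                                $section_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "subject WHERE id='" . $owner_id . "'");
                                $section_row   = $DB->sql_fetch_array($section_query);
                                $section_id    = $section_row['section'];
                        }
                        $getsectionmod_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "sectionadmin WHERE section_id='" . intval($section_id) . "' AND member_id='" . $member_row['id']  . "'");
                        $getsectionmod_num   = $DB->sql_num_rows($getsectionmod_query);
                }

                # Allowed when: owner of the file with del_own_attach, OR admin-cp
                # access, OR vice, OR moderator of the section.  The grouping is the
                # one PHP already applied ("and" binds tighter than "or"), now explicit.
                $is_owner = ($groupper_row['del_own_attach'] == 1 && $member_row['id'] == $get_d_a_row['u_id']);
                if ($is_owner or $groupper_row['admincp_allow'] == 1 or $groupper_row['vice'] == 1 or $getsectionmod_num != 0)
                {
                        $del = $DB->sql_query("delete FROM " . $db_prefix . "attach where id='" . $attach_id . "'");
                        # filepath was written by this script as download_path + escaped name.
                        if (is_file($get_d_a_row['filepath']))
                        {
                                $del2 = @unlink($get_d_a_row['filepath']);
                        }
                        $SF->msg("تم حذف الملف");
                        $SF->go_to($back_url,2);
                }
        }
}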